how to append data to a config file from a pillar in salt

Question

i wrote a salt state as below which writes data to config.yaml

   file.append: 
    - name: /etc/xentrax/config.yml
    - text: |
       tunnel: xentrax
       credentials-file: /roor/.xentrax/xentrax.json
       logfile: /var/log/xentrax.log
       loglevel: info

now i want to append some sensitive data to this config.yaml using a pillar. the data is sensitive data and i want to maintain using a pillar. the data i want to append is below

    ingress:
      - hostname: shop.xentrax.com
      - keyid: xxxxxxxxxxxxxxxxxxx
        originRequest:
          httpHostHeader: shop.xentrax.com
          originServerName: shop.xentrax.com
        service: https://localhost:443
      - service: http_status:404

How to write that pillar? i am pretty new to saltstack. please help me. the final data in the config.yaml after applying pillar would be like

   tunnel: xentrax
   credentials-file: /roor/.xentrax/xentrax.json
   logfile: /var/log/xentrax.log
   loglevel: info
   ingress:
    - hostname: shop.xentrax.com
    - keyid: xxxxxxxxxxxxxxxxxxx
      originRequest:
       httpHostHeader: shop.xentrax.com
       originServerName: shop.xentrax.com
      service: https://localhost:443
    - service: http_status:404




   

Answer 1

The pillar definition is straightforward:

xentrax_ingress:
  ingress:
    - hostname: shop.xentrax.com
    - keyid: xxxxxxxxxxxxxxxxxxx
      originRequest:
        httpHostHeader: shop.xentrax.com
        originServerName: shop.xentrax.com
      service: https://localhost:443
    - service: http_status:404

Assuming your final output doesn't have to literally be what you said, only that it is valid YAML, this state will work:

/etc/xentrax/config.yml:
  file.append: 
    - text: |
        tunnel: xentrax
        credentials-file: /roor/.xentrax/xentrax.json
        logfile: /var/log/xentrax.log
        loglevel: info
        {{ pillar["xentrax_ingress"] | tojson }}

If you can manage whole files instead of appending, then file.serialize would be even better:

/etc/xentrax/config.d/part1.yml:
  file.serialize:
    - serializer: yaml
    - dataset:
        tunnel: xentrax
        credentials-file: /roor/.xentrax/xentrax.json
        logfile: /var/log/xentrax.log
        loglevel: info

/etc/xentrax/config.d/part2.yml:
  file.serialize:
    - serializer: yaml 
    - dataset_pillar: xentrax_ingress